X.509 certificates, also referred to as digital certificates, are used in a wide variety of applications. These digital certificates provide a method to verify the identity of a user, are a component of a secure communications channel, and deliver authentication information based on these capabilities.
X.509 certificates are defined by the Telecommunication Standardization Sector (ITU-T) of the International Telecommunication Union (ITU) as part of the Directory (X.500) series.
The structure of an X.509 v3 digital certificate is as follows:

    Certificate
        Version
        Serial Number
        Algorithm ID
        Issuer
        Validity
            Not Before
            Not After
        Subject
        Subject Public Key Info
            Public Key Algorithm
            Subject Public Key
        Issuer Unique Identifier (Optional)
        Subject Unique Identifier (Optional)
        Extensions (Optional)
            . . .
    Certificate Signature Algorithm
    Certificate Signature
X.509 certificates bind the name of an entity in the real world, such as a company “VeriSign,” to a public key. The “Subject” field of the certificate provides a location for storage of the name, which is bound to the public key stored in the certificate. The subject name is in the form of an X.500 or LDAP directory name and is often identical to the entity's directory name, e.g., the fully qualified domain name of the website: www.verisign.com. Because of this close association, the X.509 certificate's Subject name is often referred to as the distinguished name. Many digital certificates contain only one name, which is stored in the Subject field.
Starting with X.509 v3 certificates, the subject alternative name extension was provided to allow identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate. Defined options include an Internet electronic mail address, a DNS name, an IP address, or a Uniform Resource Identifier (URI). Additional description related to the structure of X.509 digital certificates may be found in RFC 5280 from the IETF.
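The subject alternative name options listed above can be seen directly in the DER encoding of the extension value. The following is an added example, not part of the original text: a standard-library Python decoder for the four name types mentioned (e-mail address, DNS name, IP address, URI). The function names and the sample names and address under example.com and 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Primitive context tags of the GeneralName choices named in the text (RFC 5280).
SAN_TYPES = {0x81: "email", 0x82: "DNS", 0x86: "URI", 0x87: "IP"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_san(der):
    """Decode a subjectAltName value (GeneralNames) into (type, value) pairs."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    names, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        kind = SAN_TYPES.get(tag)
        if kind is None:  # otherName, directoryName, ...: keep raw
            names.append(("other", value.hex()))
        elif kind == "IP":  # 4 octets for IPv4, 16 for IPv6
            names.append((kind, str(ipaddress.ip_address(value))))
        else:  # IA5String payloads
            names.append((kind, value.decode("ascii")))
    return names

def _name(tag, raw):
    return bytes([tag, len(raw)]) + raw

# Constructed sample extension value (not taken from a real certificate).
_body = (_name(0x82, b"www.example.com") + _name(0x81, b"admin@example.com")
         + _name(0x87, bytes([192, 0, 2, 10])) + _name(0x86, b"https://example.com/id"))
SAMPLE_SAN = bytes([0x30, len(_body)]) + _body

if __name__ == "__main__":
    for kind, value in parse_san(SAMPLE_SAN):
        print(f"{kind}: {value}")
```

The decoder rejects truncated or over-long length fields rather than reading past the buffer, which is the check a parser of untrusted certificates needs before interpreting any name.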
Despite the benefits available through the use of digital certificates, there is a need in the art for improved methods and systems related to the use of digital certificates.